
Hacker-Powered Data: Security Weaknesses and Embracing Risk with HackerOne

Vulnerabilities are a fact of life; risk comes with it. Today, companies, enterprises, & governments are embracing collaboration with hackers to find vulnerabilities before criminals have a chance to exploit them. Using 6 years of data from 1,300+ bug bounty programs & 100,000+ valid vulnerabilities, this talk offers new analysis of the most common vulnerabilities not found on the OWASP top 10.
Recorded: Jul 23 2019 27 mins
Presented by
Miju Han, Director of Product Management, HackerOne
  • Hybrid Clouds - Challenges Sep 7 2020 6:00 am UTC 45 mins
    Narudom ROONGSIRIWONG, Head, IT Security, Kiatnakin Public Bank
    As businesses are developing rapidly, many cloud consumers find that a single public/private cloud or traditional on-premises data center is no longer able to meet service requirements. Organizations are increasingly choosing hybrid cloud environments and services to meet their needs. However, hybrid clouds pose different risks and thus bring on a different set of challenges to security.

    This presentation will provide an overview of Hybrid Cloud, demonstrate its risks, threats and vulnerabilities, and give examples of Hybrid Cloud use cases.
  • FedRAMP - How Did we get here and where are we now? Sep 7 2020 5:00 am UTC 45 mins
    Katie Lewin, Federal Director, CSA
    Brief overview of the history of the FedRAMP program, including success factors and lessons learned. Concentration on the improvements to the FedRAMP program that are designed to address the dominant criticism of the program - it costs too much and takes too much time. Covers risk-based evaluation profiles, the agency liaison program and FedSTAR.
  • Welcome Remarks & Opening Address Sep 7 2020 4:00 am UTC 45 mins
    Jim Reavis, CEO, CSA & Representative from Ministry of Digital Economy & Society
    Thailand Security Landscape
  • Accelerate and Optimize Your Third Party Risk Management Program Sep 3 2020 5:00 pm UTC 60 mins
    Pete Kandybowicz, Director - Customer Success, SecurityScorecard
    Third-Party Risk Management has become a critical component of protecting and securing your organization. However, many companies still need to find a way to operate at scale in order to be efficient, gain insights, and improve cybersecurity resilience.

    In this webinar, we will walk through the necessary people, process, and technology to help you mitigate the cyber risks introduced by your vendors, partners, suppliers, or any third party.
    We will discuss:
    ● How to employ a risk-based assessment process
    ● Best practices when communicating with third parties
    ● How to utilize meaningful insights from tools
    ● And much more!
  • Zero Trust Access: From industry buzzword to a corporate reality Aug 27 2020 4:00 pm UTC 60 mins
    Ashur Kanoon, Sr. Director, Portfolio Solutions at Pulse Secure
    Operationalizing industry buzzwords isn’t always possible. Sometimes these buzzwords are aspirational, but the technology behind them isn’t understood. In the case of Zero Trust, working with the right vendor means quickly deploying applications securely to enhance productivity and reduce your organization’s attack surface. Join us to learn more about Zero Trust Access solutions and the key business and technical considerations when trying to find what’s best for your organization.
  • Introducing Stringlifier – an Open Source String Detector Aug 25 2020 5:00 pm UTC 60 mins
    Andrei Cotaie, Sr. Security Engineer; Tiberiu Boros, Data Scientist & ML Engineer; Kumar Vikramjeet, Security Engineer at Adobe
    “1e32jnd9312”, “32189321-DEF3123-9898312”, “ADEFi382819312.” Do these strings seem familiar? They could be hashes, randomly generated passwords, API keys, or other useful information. They can be found in logs, command lines, configuration files, and source code. Whether you are analyzing logs or hunting for accidentally exposed credentials, they are not exactly easy to find because building a search pattern for something so random is a particularly hard task. To help solve this problem, we developed Stringlifier - an open-source application that allows you to detect these types of strings in any plain text. It leverages machine learning to distinguish between normal and random character sequences and can also be adapted for more fine-grained classifications.

    Join Andrei Cotaie, Sr. Security Engineer, Tiberiu Boros, Data Scientist & Machine Learning Engineer, and Kumar Vikramjeet, Security Engineer, as they introduce you to Stringlifier and how it can help you automate some common cloud security tasks. You will see examples of how to use it and also get information on how you can download and use it in your own environment.
  • Cloud Security in a Distributed World Aug 20 2020 4:00 pm UTC 61 mins
    Ashley Ward, CTO - Prisma Cloud, Palo Alto Networks
    COVID-19 is driving the demand for cloud-based remote access tools. However, while the majority of IT and Security leaders are now focused on remote access, an equally challenging issue looms: the resurgence of cloud transformation projects. Attackers are taking advantage of the current situation and security professionals must adapt and arm themselves. Join Ashley Ward, CTO - Prisma Cloud at Palo Alto Networks, for a view from the trenches on 3 SOC-focused initiatives you can work on today to strengthen cloud security during the COVID-19 crisis and beyond.
    - Optimize your SOC for cloud-based developer environments
    - Use your SOC to make data-driven risk management decisions
    - Tailor how your SOC delivers security services to specific business needs
  • Security Automation Simplified with Open Security Controls Assessment Language Aug 19 2020 5:00 pm UTC 75 mins
    Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing, National Institute of Standards and Technology (NIST)
    Aligning security risk management and compliance activities with the broader adoption of cloud technology and the exponential increase in the complexity of smart systems leveraging such cloud solutions has been a challenging task to date. Additionally, the proliferation of containers and service mesh technologies employed in cloud ecosystems for enhanced portability and security compels organizations to leverage risk management strategies that are tightly coupled with the dynamic nature of their systems. NIST’s Open Security Controls Assessment Language (OSCAL) is a standard of standards that provides a normalized expression of security requirements across standards, and a machine-readable representation of security information from controls to system implementation and security assessment. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions. Imagine a future where security documentation builds itself, and security management tools from different vendors integrate seamlessly. Security practitioners will spend less time on security documentation, assessments, and adjudication, yet the results of those activities will be more accurate and more easily monitored. OSCAL enables this and more.
  • Storm Clouds Ahead: Assessing AWS Environments Aug 18 2020 5:00 pm UTC 60 mins
    Jon Ehret of RiskRecon | Trevor Hawthorn of Stratum Security | Jared Perry of Stratum Security
    Achieving good third-party risk outcomes requires that your vendors operate secure cloud environments. Many security teams have assumed that if a third party is using Amazon Web Services then it is operating securely, when in fact the sheer breadth of an AWS deployment leaves plenty of room for error.

    During our webinar, experts from Stratum Security and RiskRecon will take you through the expanse of a proper AWS deployment, diving into real-world examples of what can go right - and wrong - when securing AWS operations. We will discuss the core security criteria that every practitioner should be familiar with to properly assess the operations of any third-party AWS environment, and will provide you with the knowledge you need to begin securing your cloud environments today.

    Join this session to learn about:
    - Real-world use cases where AWS environments were exploited due to missteps in configuration
    - Core security criteria necessary for assessing the security of an AWS environment
    - A new playbook and questionnaire that will provide you with a step-by-step guide to secure AWS operations
  • Is that Anomaly an Enemy? Understanding the Importance of Security Analytics Aug 13 2020 4:00 pm UTC 60 mins
    Ted Kietzman, Product Manager, Duo Security
    With the rise in identity-based attacks due to the very distributed and remote workforce of 2020, how can your organization identify whether or not it’s the actual user who is attempting the authentication, or an attacker?

    Security analytics can provide crucial data to help identify potential issues that require investigation. In a large or distributed environment, however, these logs of novel IPs and devices, unusual logins, and access attempts by high-risk users can quickly become too much of a good thing. Swimming through this ocean of data is like looking for treasure on the Great Pacific garbage patch. But what if you had a historical profile of user and device behavior that would allow you to surface unusual activities and create a baseline for action?

    This idea isn’t new -- adaptive authentication and user behavioral analytics have become more popular, because understanding the story behind an anomaly can help inform and prioritize your response. Identifying anomalous logins that could indicate account takeover attempts before they’re breached based on unusual activity around the user, cohort, and the organization’s behavioral norms allows you to respond, adjust your policies, and protect users in real-time.

    Join Duo’s Ted Kietzman on August 13 at 1:00 p.m. ET for a dive into how collecting security analytics data is an important first step that will shape your ability to effectively handle potential attacks.
  • CSA's Executive Series - Advancing Cloud SIEM: A Hunter's Experience Aug 12 2020 5:00 pm UTC 40 mins
    Gunter Ollman, CSO - Cloud and AI Security, Microsoft
    Join Gunter Ollman, CSO - Cloud and AI Security, Microsoft in this webinar, where he will discuss how cloud SIEM is advancing, how this is changing the role of the threat hunter and SecOps teams, & what is to come.
  • Dark Web Demystified Recorded: Aug 6 2020 57 mins
    Charity Wright, Cyber Threat Intelligence Advisor, IntSights
    Come to the dark side! Charity Wright, a former NSA analyst and current Cyber Threat Intelligence Advisor at IntSights will take you on a tour of the dark web and explain how you can collect and analyze pertinent intelligence from the dark web to neutralize threats outside the wire at the earliest stages of the cyber kill chain. This session will take you on a guided tour of some of the hottest markets and forums for cyber threat intelligence collection in the dark web. See the most popular use cases for intelligence to protect your companies: credential leakage, attack indication, bank cards for sale, PII and PHI for sale, and much more!
  • Tackling Security in the World of Containers and Hybrid Cloud Recorded: Aug 4 2020 42 mins
    Lucy Kerner, Global Senior Principal Security Technical Evangelist, Red Hat
    Security teams are increasingly finding it challenging to keep up with the changing risks, compliance requirements, tools, and architectural changes introduced by new technologies - such as containers, Kubernetes, software-defined infrastructure, and cloud technologies. As traditional infrastructure evolves to a mix of bare metal, virtual, cloud, and container environments, how can you maintain security, governance and compliance, and reduce risk amid this growing complexity?

    Traditional perimeter-based network security does not work in this new world of containers and hybrid cloud. Security teams must rethink their approach to security in this new world with automation and DevSecOps, where security is built-in, continuously addressed, and continuously monitored across the entire application lifecycle, infrastructure lifecycle, and supply chain.

    In this keynote, we'll discuss some prescriptive steps you can take to tackle security successfully in the world of containers and hybrid cloud.
  • Transitioning, Enhancing, and Innovating in the Cloud Recorded: Jul 29 2020 28 mins
    John Yeoh, Global VP of Research, CSA
    Wherever you are in your cloud journey, CSA research is available to help organizations transition to the cloud, enhance security in the cloud, and innovate from the cloud through its consensus-driven research and initiatives. In this session, John Yeoh connects the latest industry research for guidance and insight that is applicable to organizations across multiple cloud security positions from the private and the public sectors. Learn how to utilize resources that leverage cloud security controls frameworks, top threats reports, and more.
  • Nefarious Uses of Cloud: A Case Study from Defending a Security Conference Recorded: Jul 29 2020 30 mins
    Wong Onn Chee, CTO, Resolvo & Co-Chair, CSA APAC Research Advisory Council
    As organisations increasingly move to the cloud, so do the attackers. Come and listen to Onn Chee on how the cloud was used to attack a security conference's websites hosted in the cloud, the profile of the attackers operating from the cloud, and how the conference organisers defended against them. In addition, Onn Chee will share lessons learnt and a new pro-active approach to cloud defense that looks at IoR - Indicators of Reconnaissance, the first step in the Cyber Kill Chain - instead of IoC - Indicators of Compromise - to achieve faster, pre-emptive disruption of the Cyber Kill Chain.
  • Visibility & Security Challenges Across Multicloud, Hybrid, & Remote Deployments Recorded: Jul 23 2020 53 mins
    Fernando Montenegro, Principal Analyst, 451 Research & Dan Frey, Sr. Cloud Security Manager, ExtraHop
    Migration to the cloud continues, now with even greater urgency as organizations around the world transition to remote workforces and shift operations off-premises. But cloud environments can expand the attack surface and erase visibility into critical infrastructure and applications, introducing complexity—especially in the case of multi-cloud and hybrid cloud.

    So where are organizations migrating workloads to, and how are they doing it? Are they lifting and shifting legacy applications to IaaS and PaaS, repackaging them using containers, or refactoring for serverless? And what’s happening after migration? Do IT and security operations think they have sufficient monitoring and security for applications running in the cloud, and if not, what are they doing to regain control? And what about hybrid organizations? Do new cloud deployments expose their on-premises infrastructure to new threats, and are their legacy security tools able to detect and respond to novel and fast moving attacks?

    Join us for this webinar to learn how cloud deployments are affecting security and operations teams, and how they are responding to the myriad challenges associated with enabling and securing growing businesses and remote workforces.
  • The Resurgence of Cloud Recorded: Jul 22 2020 22 mins
    David Cass, Vice President Cyber & IT Risk, Federal Reserve Bank of New York
    Cloud has seen the typical technology pendulum swing experienced by most innovative technologies. Organizations started with the all-in, cloud-first model only to have to later step back and take a more moderate approach. Yet cloud continues to thrive. I will discuss:
    - Why do organizations struggle with cloud?
    - The importance of strategy
    - The impact on security, risk and compliance programs
    - The impact on business process and operations
  • CSA STAR Town Hall – Everything you’ve wanted to know Recorded: Jul 22 2020 59 mins
    John Yeoh of CSA, Luciano (J.R.) Santos of CSA, John DiMaria of CSA, and Brianna Hogan of Booz Allen Hamilton
    CSA STAR is being recognized as the international harmonized solution, leading the way of trust for cloud providers, users, and their stakeholders, by providing an integrated cost-effective solution that decreases complexity and increases trust and transparency.

    The STAR Registry holds close to 1000 top Cloud Service Providers that apply for STAR Level 1 and/or 2 self-assessment or certification. Close to 20,000 people each month visit the STAR Registry to view vendor analysis.

    Join CSA’s John Yeoh, Global Vice President of Research; Luciano (J.R.) Santos, Chief Customer Officer; and John DiMaria, Assurance Investigatory Fellow; as they team up with one of the top cloud security consultants from Booz Allen Hamilton to answer your questions in this special CSA Town Hall.
  • Zero Trust: A Five Step Program Recorded: Jul 21 2020 32 mins
    Leya Leydiker and Ganesh Umapathy, Product Managers at Duo
    If you’re eager to learn how you can elevate your Access Management journey, especially with the swift, mass pivot to remote work, don’t miss this webinar. The workforce to protect continues to expand, and everyone needs remote access, bringing more third-party devices and BYOD into the network environment.

    In this session, security and technology experts Leya Leydiker and Ganesh Umapathy, Product Managers at Duo, will share a simple framework for Zero Trust that can help guide your journey. Suitable for organizations of all sizes.
  • Building a Successful Third Party Risk Management Program for a Modern World Recorded: Jul 16 2020 50 mins
    Chad A. Peterson, Director, Security Operations at Optiv Security & Matthew Barth, Senior Sales Engineer at SecurityScorecard
    The challenges that organizations are facing today are increasingly more complex than in the past. A global health crisis, an unstable economy and the changing dynamics of business risks and opportunities make decision making difficult. These factors, coupled with ever-evolving changes to compliance rules and regulations, make driving a successful Third Party Risk Management Program challenging.

    Throughout this webinar, our speakers - Optiv’s Director of Security Operations, Chad Peterson, along with SecurityScorecard’s Lead Systems Engineer, Matt Barth - will discuss:
    - Strategies on how to accurately and efficiently assess your high priority vendors.
    - Best practices on how to create a Third Party Risk Management Program that is efficient but can scale effortlessly using automation and technology.
    - Why going beyond the questionnaires and risk scores by providing the human element to third party vendors will build a sturdy foundation for a program that is equipped for the future
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa

  • Title: Hacker-Powered Data: Security Weaknesses and Embracing Risk with HackerOne
  • Live at: Jul 23 2019 5:00 pm
  • Presented by: Miju Han, Director of Product Management, HackerOne